Authorization layer for AI agents (OAuth has no idea what your agent is doing)


AgentGate — Trust Authorization for Autonomous AI Agents

Open Source Security for AI Agents
The trust layer for autonomous AI agents
AgentGate intercepts every agent action before execution — verifying identity, validating delegation chains, and detecting behavioral drift in real time.

Install:
$ pip install agentgate-pdp
or
$ npm install agentgate-pdp

Open Source · Python SDK · TypeScript SDK · LangGraph Ready · Kill Chain Detection · MITRE ATLAS Mapped

agentgate-demo
$ python demo.py
AgentGate PDP — Trust Authorization Layer
─────────────────────────────────────────
[REGISTER] agent_id=analyst_001 purpose="Summarize quarterly business reports"
[TOKEN] issued: eyJhbGciOiJFZERTQSJ9... (Ed25519 JWT — scope embedded + signed)
[REQUEST] action=read resource=/reports/q1.pdf → PERMIT (trust=0.91)
[REQUEST] action=read resource=/reports/q2.pdf → PERMIT (trust=0.89)
[REQUEST] action=read resource=/reports/q3.pdf → PERMIT (trust=0.87)
[REQUEST] action=read resource=/reports/q4.pdf → PERMIT (trust=0.86)
...6 more reads in under 5 minutes...
[REQUEST] action=export resource=/reports/*
[KILL CHAIN] *** BULK_READ_THEN_EXFIL detected *** 10 reads in 4m32s followed by export attempt
Pattern: data enumeration → exfiltration
[DECISION] *** DENY ***
[REASON] Kill chain: bulk read then exfiltration sequence. No single request triggered this. The sequence did.
[AUDIT] entry #4821 — HMAC-chained, tamper-evident
[ALERT] security team notified instantly

Your agents have credentials. Do you know what they're doing with them?
Enterprises are deploying autonomous AI agents at scale — but the security infrastructure hasn't kept up. Every agent is a potential attack surface.

OAuth can't detect scope creep
Traditional identity systems grant access once and assume good behavior. They cannot detect when an agent exceeds its delegated scope mid-task.

Delegation chains are invisible
When Agent A delegates to Agent B, which delegates to Agent C — who authorized the final action? No existing tool answers this.

Behavioral drift goes undetected
An agent's behavior shifts silently over time. By the time you notice, the damage is done.

AgentGate intercepts before execution
Every agent action is scored across four dimensions before it's allowed to run. No agent bypasses the gate.

Identity Verification (25% of score)
Ed25519 JWT tokens with scope embedded in the signed credential — immutable after issuance, offline-verifiable with the public key. No database lookup required.

Delegation Chain Integrity (25% of score)
Full chain traversal at every authorization call: every ancestor's scope is verified. Atomic revoke_chain neutralizes an agent and all descendants in one call.

Purpose Alignment (30% of score)
Embedding-based semantic scoring: action + resource (85% weight) vs. declared purpose. Justification is capped at 15% — it cannot be used to bypass a misaligned action.

Behavioral Anomaly Detection (20% of score)
Per-agent velocity baselines with trust decay over time. Dormancy followed by sudden high-volume activity is itself a risk signal — no static thresholds.

Kill Chain Detection — beyond the single request
Each individual request may look clean. AgentGate examines the full 5-minute sequence. Bulk reads followed by an export. A read followed by a delete on the same resource. Progressive sensitivity escalation. Directory sweeps across 6+ prefixes. Patterns that only become visible across multiple calls — and that no rule-based system can catch.

DENY — BULK_READ_THEN_EXFIL: 10 reads → export
DENY — READ_THEN_DELETE: read → delete of the same file
ESCALATE — SENSITIVITY_RAMP: low → CRITICAL escalation
ESCALATE — DIRECTORY_SWEEP: recon across 6+ prefixes
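As an added illustration of how sequence patterns like these are evaluated (this is not AgentGate's code), a per-agent sliding window over recent actions that classifies the new action as PERMIT, ESCALATE or DENY. The 5-minute window comes from the page; the 10-read and 6-prefix thresholds, the sensitivity labels, the event schema and the replayed demo timestamps are assumptions.

```python
from collections import deque
from dataclasses import dataclass

WINDOW_SECONDS = 300                                        # the page's 5-minute sequence window
LEVELS = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # constructed sensitivity labels

@dataclass
class Event:
    ts: float               # epoch seconds (assumed schema)
    action: str             # "read" | "export" | "delete"
    resource: str           # e.g. "/reports/q1.pdf"
    sensitivity: str = "low"

class KillChainDetector:
    """Keeps a per-agent window of recent events and checks each new event against
    the four sequence patterns on the page. Thresholds are assumptions."""
    def __init__(self, window=WINDOW_SECONDS, bulk_reads=10, sweep_prefixes=6):
        self.window, self.bulk_reads, self.sweep_prefixes = window, bulk_reads, sweep_prefixes
        self.history = {}   # agent_id -> deque[Event]

    def evaluate(self, agent_id, ev):
        recent = self.history.setdefault(agent_id, deque())
        while recent and ev.ts - recent[0].ts > self.window:    # age out events beyond the window
            recent.popleft()
        reads = [e for e in recent if e.action == "read"]
        prefixes = {e.resource.rsplit("/", 1)[0] for e in (*recent, ev)}
        levels = sorted({LEVELS[e.sensitivity] for e in (*recent, ev)})
        if ev.action == "export" and len(reads) >= self.bulk_reads:
            verdict = ("DENY", "BULK_READ_THEN_EXFIL")          # enumeration then exfiltration
        elif ev.action == "delete" and any(e.resource == ev.resource for e in reads):
            verdict = ("DENY", "READ_THEN_DELETE")              # read then delete of the same file
        elif LEVELS[ev.sensitivity] == 3 and levels[0] == 0 and len(levels) >= 3:
            verdict = ("ESCALATE", "SENSITIVITY_RAMP")          # low -> ... -> critical in one window
        elif len(prefixes) >= self.sweep_prefixes:
            verdict = ("ESCALATE", "DIRECTORY_SWEEP")           # recon across many prefixes
        else:
            verdict = ("PERMIT", None)
        recent.append(ev)                                       # the decision itself stays in history
        return verdict

def run_demo():
    """Constructed replay of the page's demo: 10 reads within ~4.5 minutes, then an export."""
    det, t0 = KillChainDetector(), 1_700_000_000.0
    events = [Event(t0 + 27 * i, "read", f"/reports/q{i}.pdf") for i in range(10)]
    events.append(Event(t0 + 272, "export", "/reports/*"))
    return [det.evaluate("analyst_001", e) for e in events]
```

Every read on its own returns PERMIT; only the export, evaluated against the ten reads still inside the window, is denied, which is the page's point that the sequence rather than any single request triggers the decision.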

1. Drop in your API key — one line of code (agent_config.py)

2. See every agent action in real time — attacks blocked live (AgentGate Dashboard at http://localhost:8000)

Demo scenario — AgentGate intercepting a simulated multi-agent attack sequence in real time

Full Demo — 5 min
See AgentGate in action
Watch a live run — real agents, real attacks, real-time blocking.

AgentGate — Live Demo

The market context
The regulatory and threat landscape is converging. Enterprises need answers now.

OWASP LLM06
Excessive Agency — agents granted permissions beyond their declared scope, acting outside their intended purpose. Listed as a critical risk in the OWASP Top 10 for LLM Applications.
Source: OWASP Top 10 for LLM Applications, 2025

MITRE ATLAS
Adversarial ML tactics against AI systems are now formally catalogued — reconnaissance, privilege escalation, and data exfiltration all apply to autonomous agents.
Source: MITRE ATLAS, 2024

August 2026
EU AI Act high-risk obligations take effect — enterprises have months, not years, to implement governance controls for high-risk AI systems.
Source: EU AI Act (Regulation 2024/1689)

Regulatory pressure and adversarial sophistication are converging. Teams without agent governance controls today face compliance exposure by Q4 2026.

Works with your existing stack
Drop-in integration. No framework changes. No rewrites.

Python 3.10+, TypeScript / ...
